APT
Volt Typhoon is a Chinese state-sponsored APT group that has been active since at least 2021. It targets critical infrastructure organizations in the United States and its territories, including Guam. The group is notably stealthy, relying on living-off-the-land techniques and hands-on-keyboard activity rather than custom malware, which makes its operations hard to distinguish from routine administration.
Volt Typhoon uses a range of techniques to gain and maintain access to a target network. Initial access typically comes from exploiting known vulnerabilities in public-facing network devices such as routers, firewalls and VPN appliances. Once inside, the group uses legitimate tools and processes native to the operating system (a technique known as living off the land, or LOTL) to blend in with normal administrative activity and avoid detection by security tooling. Because the binaries involved are legitimate, detection depends on the context and arguments of their use rather than on the binary itself.
Use of Network Devices for Obfuscation
Their methodology includes routing command-and-control traffic through compromised small office/home office (SOHO) network devices, so that connections to victims appear to originate from ordinary residential or small-business IP addresses rather than from attacker-owned infrastructure. This hides the group's presence, complicates attribution, and exploits the trust that defenders place in traffic from seemingly legitimate network equipment.
Strategic Goals and Threats
Volt Typhoon’s focus on stealth and persistence suggests it is pre-positioning for potentially disruptive or destructive cyber operations. By embedding itself deep within critical infrastructure networks, the group is positioned to disrupt services in the event of heightened geopolitical tensions, which makes it a major national security threat.
Recommended Mitigations
Regularly update and patch internet-facing systems, especially edge devices such as routers, firewalls and VPN appliances, to close known vulnerabilities.
Implement multi-factor authentication (MFA) on all remote access and privileged accounts to limit the value of stolen credentials.
Conduct continuous monitoring and centralized logging of network and endpoint activity, including process creation events with full command lines, so that anomalous use of built-in tools can be detected.
Decommission end-of-life technology that no longer receives vendor updates, and ensure all remaining systems are updated promptly.
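The logging recommendation above is only useful if something consumes the logs looking for the living-off-the-land behaviour described earlier. The following is an added example, not code from the original page or from any vendor or agency advisory: a small Python detector that runs a handful of rules over constructed process-creation log lines and flags native Windows tools invoked in ways that routine administration rarely needs. The rule set is illustrative and assumed; the command patterns (netsh port proxies, ntdsutil NTDS dumps, remote process creation via wmic, encoded PowerShell) are drawn from public reporting on Volt Typhoon's tooling but are not an exhaustive or official list. The log format, hostnames, users and timestamps are all made up for the example.

```python
"""Flag living-off-the-land (LOTL) activity in process-creation logs.

Constructed example: the binaries are legitimate Windows tools, so the rules
key on *how* they are invoked (arguments), not on the image alone.
The rule set is illustrative and assumed, not an exhaustive or official list.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    ts: str
    host: str
    user: str
    parent: str
    image: str
    cmdline: str


@dataclass
class Alert:
    rule: str
    severity: str
    host: str
    user: str
    cmdline: str


# (rule name, image basename, case-insensitive regex on the command line, severity)
RULES = [
    # A port proxy turns the host into a relay; rarely needed in routine admin work.
    ("netsh_portproxy_add", "netsh.exe", r"\bportproxy\b.*\badd\b", "high"),
    # An NTDS "install from media" copy dumps the Active Directory credential store.
    ("ntdsutil_ntds_ifm", "ntdsutil.exe", r"\bntds\b.*\bifm\b", "high"),
    # Remote process creation over WMI on another node is classic lateral movement.
    ("wmic_remote_process_create", "wmic.exe",
     r"/node:\S+.*\bprocess\b.*\bcall\b.*\bcreate\b", "high"),
    # Encoded PowerShell (any accepted prefix of -EncodedCommand) hides the script body.
    ("powershell_encoded_command", "powershell.exe",
     r"\s-(e|ec|enc|encodedcommand)\b", "medium"),
]

# key=value pairs; quoted values may contain spaces, unquoted ones end at whitespace.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Event:
    """Parse one line of the constructed format used below into an Event.

    A missing field raises KeyError rather than yielding a partial event.
    """
    ts, _, rest = line.strip().partition(" ")
    fields = {key: quoted or bare for key, quoted, bare in _FIELD.findall(rest)}
    return Event(ts=ts, host=fields["host"], user=fields["user"],
                 parent=fields["parent"], image=fields["image"],
                 cmdline=fields["cmdline"])


def image_name(path: str) -> str:
    """Lower-cased basename of an image path, accepting either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_rules(ev: Event) -> list[Alert]:
    """Return one Alert per rule whose image and command-line pattern both match."""
    name = image_name(ev.image)
    return [Alert(rule, sev, ev.host, ev.user, ev.cmdline)
            for rule, image, pattern, sev in RULES
            if name == image and re.search(pattern, ev.cmdline, re.IGNORECASE)]


def scan(lines) -> list[Alert]:
    """Run every non-empty line through the rules and collect alerts in order."""
    alerts: list[Alert] = []
    for line in lines:
        if line.strip():
            alerts.extend(match_rules(parse_event(line)))
    return alerts


# Constructed sample log (hostnames, users, timestamps and commands are made up).
SAMPLE_LOG = r"""
2023-05-24T10:15:33Z host=dc01 user=CORP\jsmith parent=cmd.exe image=C:\Windows\System32\netsh.exe cmdline="netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=8443 connectaddress=10.0.5.20"
2023-05-24T10:16:02Z host=dc01 user=CORP\jsmith parent=cmd.exe image=C:\Windows\System32\ntdsutil.exe cmdline="ntdsutil ac i ntds ifm create full C:\temp\pro q q"
2023-05-24T10:20:11Z host=ws07 user=CORP\helpdesk parent=explorer.exe image=C:\Windows\System32\netsh.exe cmdline="netsh advfirewall show allprofiles"
2023-05-24T10:21:45Z host=ws07 user=CORP\helpdesk parent=explorer.exe image=C:\Windows\System32\wbem\WMIC.exe cmdline="wmic os get caption"
2023-05-24T10:25:09Z host=fs02 user=CORP\svc_mon parent=services.exe image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
2023-05-24T10:26:30Z host=dc01 user=CORP\jsmith parent=cmd.exe image=C:\Windows\System32\wbem\WMIC.exe cmdline="wmic /node:fs02 process call create cmd.exe /c whoami"
"""


def scan_sample() -> list[Alert]:
    """Alerts for the constructed sample log above."""
    return scan(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for a in scan_sample():
        print(f"[{a.severity}] {a.rule} host={a.host} user={a.user}: {a.cmdline}")
```

The two benign lines (a firewall query and a local WMI query) run the same binaries as the flagged ones and produce no alert, which is the point: with LOTL tradecraft the signal is in the arguments, so the logs you centralize must carry full command lines, and a rule like this belongs beside baselining of which hosts and accounts normally run these tools at all.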